release/src/router/nettle/umac-set-key.c

   1 /* umac-set-key.c
   2  */
   3
   4 /* nettle, low-level cryptographics library
   5  *
   6  * Copyright (C) 2013 Niels Möller
   7  *
   8  * The nettle library is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU Lesser General Public License as published by
  10  * the Free Software Foundation; either version 2.1 of the License, or (at your
  11  * option) any later version.
  12  *
  13  * The nettle library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  15  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
  16  * License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public License
  19  * along with the nettle library; see the file COPYING.LIB.  If not, write to
  20  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
  21  * MA 02111-1301, USA.
  22  */
  23
  24 #if HAVE_CONFIG_H
  25 # include "config.h"
  26 #endif
  27
  28 #include <string.h>
  29
  30 #include "umac.h"
  31
  32 #include "macros.h"
  33
  34 static void
  35 umac_kdf (struct aes_ctx *aes, unsigned index, unsigned length, uint8_t *dst)
  36 {
  37   uint8_t block[AES_BLOCK_SIZE];
  38   uint64_t count;
  39   WRITE_UINT64 (block, (uint64_t) index);
  40   for (count = 1; length >= AES_BLOCK_SIZE;
  41        length -= AES_BLOCK_SIZE, dst += AES_BLOCK_SIZE, count++)
  42     {
  43       WRITE_UINT64 (block + 8, count);
  44       aes_encrypt (aes, AES_BLOCK_SIZE, dst, block);
  45     }
  46   if (length > 0)
  47     {
  48       WRITE_UINT64 (block + 8, count);
  49       aes_encrypt (aes, AES_BLOCK_SIZE, block, block);
  50       memcpy (dst, block, length);
  51     }
  52 }
  53
  54 #if WORDS_BIGENDIAN
  55 #define BE_SWAP32(x) x
  56 #define BE_SWAP32_N(n, x)
  57 #else
  58 #define BE_SWAP32(x)                            \
  59   ((ROTL32(8,  x) & 0x00FF00FFUL) |             \
  60    (ROTL32(24, x) & 0xFF00FF00UL))
  61 #define BE_SWAP32_N(n, x) do {                  \
  62   unsigned be_i;                                \
  63   for (be_i = 0; be_i < n; be_i++)              \
  64     {                                           \
  65       uint32_t be_x = (x)[be_i];                \
  66       (x)[be_i] = BE_SWAP32 (be_x);             \
  67     }                                           \
  68   } while (0)
  69 #endif
  70
  71 void
  72 _umac_set_key (uint32_t *l1_key, uint32_t *l2_key,
  73                uint64_t *l3_key1, uint32_t *l3_key2,
  74                struct aes_ctx *aes, const uint8_t *key, unsigned n)
  75 {
  76   unsigned size;
  77   uint8_t buffer[UMAC_KEY_SIZE];
  78
  79   aes_set_encrypt_key (aes, UMAC_KEY_SIZE, key);
  80
  81   size = UMAC_DATA_SIZE / 4 + 4*(n-1);
  82   umac_kdf (aes, 1, size * sizeof(uint32_t), (uint8_t *) l1_key);
  83   BE_SWAP32_N (size, l1_key);
  84
  85   size = 6*n;
  86   umac_kdf (aes, 2, size * sizeof(uint32_t), (uint8_t *) l2_key);
  87   _umac_l2_init (size, l2_key);
  88
  89   size = 8*n;
  90   umac_kdf (aes, 3, size * sizeof(uint64_t), (uint8_t *) l3_key1);
  91   _umac_l3_init (size, l3_key1);
  92
  93   /* No need to byteswap these subkeys. */
  94   umac_kdf (aes, 4, n * sizeof(uint32_t), (uint8_t *) l3_key2);
  95
  96   umac_kdf (aes, 0, UMAC_KEY_SIZE, buffer);
  97   aes_set_encrypt_key (aes, UMAC_KEY_SIZE, buffer);
  98 }